package com.ai.sml.interceptor;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;

/**
 * 基于URL的权限判断过滤器
 * 
 */
public class URLPermissionsFilter extends PermissionsAuthorizationFilter {
	public boolean isAccessAllowed(ServletRequest request,
			ServletResponse response, Object mappedValue) throws IOException {
		return super.isAccessAllowed(request, response,
				buildPermissions(request));
	}

	/**
	 * 根据请求URL产生权限字符串，这里只产生，而比对的事交给Realm
	 * 
	 * @param request
	 * @return
	 */
	protected String[] buildPermissions(ServletRequest request) {
		String[] perms = new String[1];
		HttpServletRequest req = (HttpServletRequest) request;
		String path = req.getServletPath();
	    if(req.getQueryString()!=null) 
	    {   
	    	path+="?"+req.getQueryString();           
	    } 
		perms[0] = path;	//url path直接作为权限字符串
		return perms;
	}
}